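:: Test PKI generator: rebuilds a throw-away root CA plus one server and one
:: client certificate under cert/ using the openssl command-line tool.
:: NOTE: every run deletes the previous CA key and all issued certificates
:: without confirmation, so anything that trusted the old cert/ca.crt must be
:: given the new one.

:: Keep the variables below local to this script instead of leaking them into
:: the calling cmd session.
setlocal

:: Remove earlier output only when it exists, so a first run prints no
:: "cannot find the file" errors.
if exist cert rd /s /q cert
if exist demoCA rd /s /q demoCA
md cert

:: Quoted assignments protect against stray trailing spaces ending up in the
:: certificate subject.
set "SERVER_CN=localhost"
set "CLIENT_CN=localhost"
set "EMAIL=mmmm@email.mm"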

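:: 1. Generate the root CA private key (RSA, 2048 bits).
::    No cipher option is given, so cert/ca.key is written unencrypted: anyone
::    who can read that file can issue certificates this CA vouches for.
::    Acceptable for a local test CA only; restrict access to the cert folder.
::    On failure, pause so the openssl error stays visible, then stop rather
::    than continue with a missing or stale key.
openssl genrsa -out cert/ca.key 2048 || (pause & exit /b 1)
:: 2. Create the self-signed root certificate from that key. The -subj option
::    supplies the whole subject, so openssl asks no questions.
::    -days 36500 is roughly 100 years, so expiry will never force a rotation.
::    The CA gets its own CN (server CN plus "-ca"): the server request further
::    down uses the same C/ST/L/O/OU/emailAddress and the plain server CN, and
::    a leaf certificate whose subject equals its issuer is treated as
::    self-signed by many verifiers, which breaks chain validation.
openssl req -new -x509 -days 36500 -key cert/ca.key -subj "/C=CN/ST=JS/L=NJ/O=mmmm/OU=mm/CN=%SERVER_CN%-ca/emailAddress=%EMAIL%" -out cert/ca.crt || (pause & exit /b 1)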

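::== server:
:: 3. Generate the server private key (RSA, 2048 bits, written unencrypted).
::    On any failure below, pause so the openssl error can be read, then stop:
::    later steps would otherwise run against missing or stale files.
openssl genrsa -out cert/server.key 2048 || (pause & exit /b 1)
:: 4. Build the certificate signing request. The subject comes from -subj and
::    the request extensions from section SAN of ssl_conf/server.conf.
openssl req -new -key cert/server.key -subj "/C=CN/ST=JS/L=NJ/O=mmmm/OU=mm/CN=%SERVER_CN%/emailAddress=%EMAIL%" -out cert/server.csr -config ssl_conf/server.conf -extensions SAN || (pause & exit /b 1)
:: 5. Create the CA working directory used by "openssl ca" in the next step:
::    demoCA/newcerts, a serial file and an empty index.txt database.
::    The files are written by path instead of changing into demoCA, so a
::    failed step can no longer leave the script in the wrong directory.
::    The serial file is read as hexadecimal, so the first certificate gets
::    serial 0x10.
md demoCA\newcerts || (pause & exit /b 1)
echo 10 > demoCA\serial
type nul > demoCA\index.txt
:: 6. Sign the request with the root CA (valid 3650 days). The certificate
::    extensions are taken from section SAN of ssl_conf/server.conf via
::    -extfile. openssl asks for confirmation before signing.
openssl ca -in cert/server.csr -out cert/server.crt -cert cert/ca.crt -keyfile cert/ca.key -days 3650 -extfile ssl_conf/server.conf -extensions SAN || (pause & exit /b 1)
:: 7. Print the issued certificate for inspection.
openssl x509 -in cert/server.crt -noout -text
pause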

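::== client:
:: 3. Generate the client private key (RSA, 2048 bits, written unencrypted).
::    On any failure below, pause so the openssl error can be read, then stop
::    instead of signing or displaying stale files.
openssl genrsa -out cert/client.key 2048 || (pause & exit /b 1)
:: 4. Build the client certificate signing request (subject differs from the
::    server one by OU=mc and the client CN).
::    NOTE(review): this reuses section SAN of ssl_conf/server.conf, so the
::    client request and certificate carry whatever names the server section
::    lists. That file is not visible here; confirm this is intended. A
::    dedicated client section, for example one that sets
::    extendedKeyUsage=clientAuth, would keep a client certificate from also
::    being usable as a server certificate.
openssl req -new -key cert/client.key -subj "/C=CN/ST=JS/L=NJ/O=mmmm/OU=mc/CN=%CLIENT_CN%/emailAddress=%EMAIL%" -out cert/client.csr -config ssl_conf/server.conf -extensions SAN || (pause & exit /b 1)
:: 6. Sign the client request with the root CA (valid 3650 days). This relies
::    on the demoCA directory created during the server steps.
openssl ca -in cert/client.csr -out cert/client.crt -cert cert/ca.crt -keyfile cert/ca.key -days 3650 -extfile ssl_conf/server.conf -extensions SAN || (pause & exit /b 1)
:: 7. Print the issued client certificate for inspection.
openssl x509 -in cert/client.crt -noout -text
pause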